<?php
session_start();
require_once 'db_conn.php';
header("content-type:text/html:charset=utf-8");

$username = $_POST['username'];
$password = $_POST['password'];
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$password = md5($password);


$sql = "
select *
from user
where acoount='$username'
    and password='$password'
limit 1;
";
//$sql = ($sql)
//echo $sql
//die
//echo $sql;
$result = $conn->query($sql);
if($result->num_rows>0){
    echo "正确！";
    $row = $result->fetch_array(MYSQLI_ASSOC);
    $_SESSION['uid']=$row['id'];
    $_SESSION['uname']=$row['acootunt'];
    header("Location:index2.php");
} else {
    echo "用户名或密码错误！";
    header("Location:login.html");
}